Specifying the LDAP Settings

This section describes the steps required to configure the system to use Active Directory to authenticate and authorize EOM users.

Before configuring Advanced Store to use Active Directory, ensure that the following requirements have been met:

  • The Active Directory and CoreDb roleCode must match.
  • The Active Directory and CoreDb orgName must match if validating the organizational unit.
  • A user can have only one AD group associated with an NCR role for a single location.

This task uses the following file.

File name     Location
web.config    C:\inetpub\wwwroot\NCRRetailOne

Note

For detailed information on the LDAP Role Delimiter, LDAP Role Validation Types, and LDAP Domain Name settings, refer to Configuring the Enterprise to Use Active Directory.

To configure the POS user authentication, follow these steps:

  1. Open the web.config file using a text editor.
  2. In the <unity> section, change the authentication model configuration from “UserSecurity” to “LDAPUserSecurity”, as follows:

    <type type="Ncr.Retail.DomainModel.Security.ISecurity,Ncr.Retail.DomainModel.Security"
    mapTo="Ncr.Retail.DomainModel.Security.LDAPUserSecurity,Ncr.Retail.DomainModel.Security"> </type>

  3. In the <unity> section, change the user model configuration from “UserImpl” to “LDAPUserImpl”, as follows:

    <type type="Ncr.Retail.DomainModel.Security.IUser,Ncr.Retail.DomainModel.Security"
    mapTo="Ncr.Retail.DomainModel.Security.LDAPUserImpl,Ncr.Retail.DomainModel.Security"> </type>

  4. If LDAP is the authentication server, add the LDAPConnectionString in the <appSettings> section, as follows:

    <add key="LDAPConnectionString" value="LDAP://ldap.mycompany.be:389/ou=users,o=mycompany,dc=mycompany,dc=be"></add>

  5. (Optional) If a delimiter other than underscore is used, specify the new LDAPRoleDelimiter in the <appSettings> section.
    Example

    <add key="LDAPRoleDelimeter" value=","></add>

  6. In the <appSettings> section, add one of the following values to the LDAPRoleValidationType:
    • RoleCode
    • RoleName
    • RoleCodeOnly
    • RoleNameOnly
    Example

    <add key="LDAPRoleValidationType" value="RoleCode"></add>

  7. In the <appSettings> section, add the value for the LDAPDomainName.
    Example

    Pre-Windows 2000 domain name
    <add key="LDAPDomainName" value="weboffice"></add>

    Example

    Post-Windows 2000 domain name
    <add key="LDAPDomainName" value="@weboffice.local"></add>

    Tip

    When using the post-Windows 2000 format, keep in mind that AS user names have a limit of 32 characters.

  8. In the <appSettings> section, leave the value for the LDAPAlternateIdName blank.
    Note

    To specify the value for the LDAP Alternate ID Name, consult with an NCR Representative.

  9. In the <appSettings> section, modify the value for the LDAPMaxPageSize depending on the preferred number of lookup results per page.
    Example

    <add key="LDAPMaxPageSize" value="1000"></add>

    Note

    The maximum number of lookup results per page is 1000.

  10. In the <appSettings> section, add the value for the LDAPOrgUnit to focus search results on predefined Org units.
    Example

    <add key="LDAPOrgUnit" value="OU=Admin,DC=asunit,DC=local;CN=Users,DC=asunit,DC=local"></add>

    Note

    Paths are separated by semicolons.

  11. Save the file.
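
The following added example (not NCR code and not part of the original procedure) checks a saved web.config against the values and limits given in steps 2 through 10. The audit function, its finding messages, and the flattened sample file are assumptions made for illustration; elements are located at any nesting depth, so the deeper layout of a real web.config does not matter.

```python
import xml.etree.ElementTree as ET
VALID_ROLE_TYPES = {"RoleCode", "RoleName", "RoleCodeOnly", "RoleNameOnly"}
EXPECTED_MAPPINGS = {"ISecurity": "LDAPUserSecurity", "IUser": "LDAPUserImpl"}  # steps 2 and 3
NS = "Ncr.Retail.DomainModel.Security"

# Constructed sample built from the page's example values; not a real web.config.
SAMPLE = f"""<configuration><appSettings>
<add key="LDAPConnectionString" value="LDAP://ldap.mycompany.be:389/ou=users,o=mycompany,dc=mycompany,dc=be"></add>
<add key="LDAPRoleValidationType" value="RoleCode"></add>
<add key="LDAPDomainName" value="@weboffice.local"></add>
<add key="LDAPAlternateIdName" value=""></add>
<add key="LDAPMaxPageSize" value="1000"></add>
<add key="LDAPOrgUnit" value="OU=Admin,DC=asunit,DC=local;CN=Users,DC=asunit,DC=local"></add>
</appSettings><unity>
<type type="{NS}.ISecurity,{NS}" mapTo="{NS}.LDAPUserSecurity,{NS}"></type>
<type type="{NS}.IUser,{NS}" mapTo="{NS}.LDAPUserImpl,{NS}"></type>
</unity></configuration>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix if present

def audit(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    els = [(local(e.tag), e) for e in ET.fromstring(xml_text).iter()]
    cfg = {e.get("key"): e.get("value", "") for t, e in els if t == "add"}
    maps = {e.get("type", ""): e.get("mapTo", "") for t, e in els if t == "type"}
    out = []
    for iface, impl in EXPECTED_MAPPINGS.items():
        target = next((m for t, m in maps.items() if t.startswith(f"{NS}.{iface},")), None)
        if target is None or not target.startswith(f"{NS}.{impl},"):
            out.append(f"{iface} is not mapped to {impl}")
    conn = cfg.get("LDAPConnectionString")  # step 4 is conditional, so absence is allowed
    if conn is not None and not conn.startswith("LDAP://"):
        out.append("LDAPConnectionString does not start with LDAP://")
    if cfg.get("LDAPRoleValidationType") not in VALID_ROLE_TYPES:
        out.append("LDAPRoleValidationType is not one of the four documented values")
    if not cfg.get("LDAPDomainName"):
        out.append("LDAPDomainName is missing or empty")
    if cfg.get("LDAPAlternateIdName", ""):
        out.append("LDAPAlternateIdName should be left blank")
    size = cfg.get("LDAPMaxPageSize", "")
    if not size.isdecimal() or not 1 <= int(size) <= 1000:
        out.append("LDAPMaxPageSize must be a whole number from 1 to 1000")
    if any("=" not in p for p in cfg.get("LDAPOrgUnit", "").split(";")):
        out.append("LDAPOrgUnit has an empty or malformed path")
    return out

if __name__ == "__main__":
    print(audit(SAMPLE) or "all checks passed")
```

To check a deployed file, pass its contents to audit, for example the text read from C:\inetpub\wwwroot\NCRRetailOne\web.config.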